The most common use of the Internet is communication via electronic mail. Common forms of web-based email services are provided by Email Service Providers (ESPs) examples of which include Yahoo! Mail, Microsoft Live Mail, Google GMail, and others. Each of these providers receives a large number of messages which are inbound to the providers, many of which are phishing messages, spam messages or unsolicited bulk-email messages. These provides also receive a number of messages from legitimate institutions whose customers have provided their web-based email as the primary means of electronic communication.
Large scale ESPs can stop a limited amount of spam and phishing email using various spam detection mechanisms, including comparing the sending IP address to a list of known spammer addresses or confirming the validity of the sending IP address with a Domain Name Service (DNS) server. Though typical anti-spam applications remove a portion of incoming spam from user accounts, they do not prevent all spam from being delivered and can sometimes result in “false positives”, where legitimate mail is marked as spam.
Phishing emails are a bit more difficult to detect, as they may appear to users to be legitimate emails from reputable on-line vendors. Occasionally, these emails pass by spam filters when their pattern has not been recognized by the spam filter. Conversely, legitimate emails can sometimes be caught by spam filters. Users need to regularly check their spam folder to ensure legitimate emails are not incorrectly routed there.
Some providers allow users to “white list” email addresses using various mechanisms. For example, bulk mail routed to a user's spam or deleted items folder may be marked as “not spam” and future messages from the “from” address identified on a whitelist are then allowed to pass to the user's inbox the future.
Current systems strive to keep users safe from nefarious messages, while still allowing messages the users want to view through to the user. Users may demonstrate a pattern of reading mail from sources which might otherwise have characteristics which lead existing systems to identify them as suspicious. For example, users may consistently read emails from a banking institution having text which closely resembles phishing emails made to resemble emails from the institution.